Fix phone verification secret in events & payload
The secret in events & payload should match the secret sent to messaging.
parent
6db141acc9
commit
5d385c9a9d
1 changed files with 2 additions and 3 deletions
|
@ -2438,7 +2438,6 @@ App::post('/v1/account/verification/phone')
|
||||||
$roles = Authorization::getRoles();
|
$roles = Authorization::getRoles();
|
||||||
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
|
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
|
||||||
$isAppUser = Auth::isAppUser($roles);
|
$isAppUser = Auth::isAppUser($roles);
|
||||||
$verificationSecret = Auth::tokenGenerator();
|
|
||||||
$secret = Auth::codeGenerator();
|
$secret = Auth::codeGenerator();
|
||||||
$expire = DateTime::addSeconds(new \DateTime(), Auth::TOKEN_EXPIRATION_CONFIRM);
|
$expire = DateTime::addSeconds(new \DateTime(), Auth::TOKEN_EXPIRATION_CONFIRM);
|
||||||
|
|
||||||
|
@ -2474,13 +2473,13 @@ App::post('/v1/account/verification/phone')
|
||||||
->setParam('userId', $user->getId())
|
->setParam('userId', $user->getId())
|
||||||
->setParam('tokenId', $verification->getId())
|
->setParam('tokenId', $verification->getId())
|
||||||
->setPayload($response->output(
|
->setPayload($response->output(
|
||||||
$verification->setAttribute('secret', $verificationSecret),
|
$verification->setAttribute('secret', $secret),
|
||||||
Response::MODEL_TOKEN
|
Response::MODEL_TOKEN
|
||||||
))
|
))
|
||||||
;
|
;
|
||||||
|
|
||||||
// Hide secret for clients
|
// Hide secret for clients
|
||||||
$verification->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $verificationSecret : '');
|
$verification->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
|
|
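Review bot: The event payload built at `->setPayload($response->output($verification->setAttribute('secret', $secret), Response::MODEL_TOKEN))` now carries the same code that is delivered by SMS, so every consumer of this event receives a working verification code. That appears to be the intent of the commit, but nothing in the hunk says which consumers are expected; if the event is also delivered to client-facing channels (not visible here), the `// Hide secret for clients` step below would not cover it, since it only blanks the value in the HTTP response. I would add a comment above the call, e.g. `// Payload carries the plaintext SMS code for server-side consumers only; never forward to client-facing channels`, and confirm that event delivery filters the secret for non-server subscribers. The route handler starts and ends outside both hunks, so whether `$verification` is persisted again after these `setAttribute` calls cannot be checked from here.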